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In the official action, the Examiner called for a new title. As the Examiner will note by 
reference to the amendments made above, that has been done. 

The Examiner also rejected claim 1 under 35 U.S.C. 102 as being fully anticipated by US 
Patent No. 6,591,306 to Redlich. This grounds for rejection is respectfully traversed. 

35 use 102 Rejection Based on Redlich 

The embodiment of Redlich (US 6,591,306) reUed upon by the examiner is the third 
embodiment which is depicted in Figure 11 and described from column 24, line 18 
onwards. However, it is also useful to read the description of the second embodiment 
(shown in Figure 2) as this concerns a tunnel set up between intermediates elements 
(access router and outside router) of the communication path between the client system 
("guest") and a remote system (not shown in Figure 10). The second embodiment is 
described between column 22, line 63 and column 24, line 16; lines 46 to 57 of column 23 
clearly describe what is meant by a tunnel in Redlich. 

In the third embodiment of Redlich, in addition to the tunnel between the access router 
and outside router provided in the second embodiment, a further, secure, tunnel is set 
up between the guest system and "a router that exists in a trusted environment such as 
the guest station's home network. Such a router is depicted in Fig. 11 as a tunnel server" 
- see col. 24, lines 34-37. 

Thus, the data packets that the guest system wishes to send to a target system on its 
home network are encapsulated as payload in encrypted packets sent to the tunnel 
server, the latter decrypting the encrypted packets and sending the payload packets on 
to the target system. 

Specific implementation details of the third embodiment are given in column 25. The 
data packets being sent by the guest system to the target system are PPP packets. These 
are encapsulated in PPTP packets for sending to the tunnel server. 
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In all embodiment of Redlich, the role of the access server is to substitute a "care of" 
(c/o) address for the guest station's IP address - in the third embodiment it is the guest 
station's address in the PPTP packets that is substituted, the guest station's address in 
the PPP packets remaining unchanged. 

An important point to note is that the tunnel connection between the guest station and 
the tunnel server involves the use of TWO TCP connections, one for tunnel control and 
the other for the exchange of the PPTP packets that encapsulate the PPP packets. This is 
described at lines 38-42 of column 25. 

Differences between Redlich and the present application 
There are two main differences: 

(1) The guest station of Redlich only sets up ONE security session, this being with 
the tunnel server. The guest station does not set up a security session with the target 
system, this being unnecessary since the tunnel server itself exists in a trusted 
environment (see passage quoted above). Whilst the tunnel between the access router 
and outside router can be a secure tunnel, this is not set up by the guest station but by 
the access router (to ensure that guest packets cannot leak out behind the host 
network's firewall). 

(2) Because a separate tunnel control connection is established between the guest 
station and the tunnel server, the tunnel server knows that all the encapsulated packets 
it receives on the main tunnel connection are to be extracted and forwarded to the 
target system. None of the encapsulated packets received on the main tunnel 
connection are intended for the tunnel server - if the guest station wishes to 
communicate with the tunnel server, it can do this over the tunnel control connection. 

As a consequence, there is no need for, and no disclosure of, the following feature of 
claim 1: 

"each PDU having a message-type field by which the security entity in the 
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intermediate system can determine whether a PDU it receives encapsulates a PDU to be 
extracted and sent on." 

This difference is clearly a major difference between Redlich and claim 1. Furthermore, 
it would not be obvious to modify Redlich to derive this feature because there is no 
need or incentive in the Redlich arrangement to provide the feature. 

As such, the Examiner is respectfully requested to reconsider and withdraw the 
rejection of claim 1 based on Redlich. 

With respect to the Examiner's treatment of the remaining claims in this application, it is 
noted that the Examiner does not reject claim 2. However, the Examiner has two 
different paragraphs rejecting claim 6. See paragraphs 7 and 12 of the official action. 
While it is certainly possible to have two different grounds for rejecting claim 6, but if 
that is the case, then there should have been a paragraph rejecting claim 2, given the 
fact that in the summary of the official action the Examiner indicates that claim 2 is 
rejected. 

Perhaps the discussion on page 4 of the official action was intended to be directed to 
claim 2. In any event, Redlich seems to contemplate a single security session with a 
single tunnel connection. If that is the case, the Examiner's asserted motivation for 
combining Kirby and Redlich seems to disappear. The Examiner's discussion that 
modifying Redlich in view of Kirby ''offers the advantage of allowing routing... 
depends on the tunnel over which" assumes that Redlich provides for multiple secure 
simultaneous tunnels. What is that assumption based upon? 

35 U.S.C. 103 Rejection 

Claims 3-5 and 7 are rejected under 35 U.S.C. 103 based on Redlich and Subramanian. 



This grounds for rejection is respectfully traversed. 

It is not understood where the limitation "setting up... a nested, second security session 
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with said another system with PDUs associated with the second session being 
encapsulated within PDUs associated with the first session'' is allegedly nnet by the 
suggested combination. 

Applicant notes, with all due respect to the Examiner, that it is the Examiner's obUgation 
to point out exactly how each and every limitation of each rejected claim is allegedly 
shown in the cited art. See 37 CFR 1.104(c )(2). 

In the future, if the Examiner should reject any claim on prior art grounds, the 
Examiner is respectfully requested to follow the rules of practice in this regard. 

With respect to the rejection of claims 4-5 and 8, why combine Redlich and 
Subramanian? The Examiner says that the motivation for making the combination is 
that it "offers the advantage of providing second access to a secure intranet." But, 
Redlich already provides that functionality with the suggestion of a PPTP connection 
using. For example, a Microsoft NT VPN server (see colunm 25, lines 12-42). So, why is 
someone supposed to be motivated to modify Redlich to provide a feature which it 
already has? Furthermore, what does this alleged motivation have to do with the 
subject matter of claims 4, 5 and 8? 
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Reconsideration of this application as amended is respectfully requested. 

The Commissioner is authorized to charge any additional fees which may be required 
or credit overpayment to deposit account no. 12-0415. In particular, if this response is 
not timely filed, then the Commissioner is authorized to treat this response as including 
a petition to extend the time period pursuant to 37 CFR 1.136 (a) requesting an 
extension of time of the number of months necessary to make this response timely filed 
and the petition fee due in connection therewith may be charged to deposit account no. 



12-0415. 
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